Monthly Archives2016 December

Unfortunately, there has been a lot of talk of cyber attacks and ones specifically on servers that can leave thousands of people without internet access. With the vastness of the internet, it has become increasingly easier for cyber-criminals to carry out attacks.

The type of attack most associated with a server attack is something called a DDoS (distributed denial of service). It is like standing in line somewhere and then a bunch of people who aren’t shopping coming in and standing in front of you in line. There are trying to block you from doing anything.

What’s interesting regarding the attacks is that the DDoS can happen easier based off employee errors who are using the servers. Too much traffic and wrong settings can cause an overbearing weight put on the server. The company we partner with for our antivirus, Panda, has a few tips to avoid DDoS attacks.

Tips to avoid DDoS attacks

In order to prevent this from happening, the experts at Google offer some advice:

• First, make it so that the initial 60 second delay doubles with each failed request, so that the second attempt is submitted after 120 seconds, the third after 240 seconds, and so on. That way, the number of requests piled up will be lower when the server returns to normal.
• They also recommend that the app keep count of the number of reconnection attempts that each user has made, so that the most urgent requests are given priority when the server gets back to normal. This way, the requests that have been waiting the longest will be attended to first, while the rest continue waiting. A traffic bottleneck will therefore be averted, along with unwanted downtime caused by a DDoS attack launched against yourself.

-AY

Source: Panda Security. “How to avoid bogging down your own servers.” Web. 5 December 2016.

There is a statistic going around that states that 97% of large companies are victims of substantial data breaches. Although it is not uncommon for cyber criminals to go after individuals, a majority of the time they are after large corporations. The bigger the company and risk, the bigger the reward unfortunately.

A lot of companies also host their own business emails that employees use to sign in not only to the company email, but also for things like LinkedIn, which was breached just a few months ago. All these professionals also use the same password for various platforms that makes the situation worse and seemingly easier for criminals to get into.

It’s important when signing up for anything except a business email, to use a different email address and start putting together several different, unique, and even complex passwords to avoid the risk of a mass data breach within the workplace.

-AY

Source: Panda Security. “97% of Large Companies are Victims of Mass Data Breaches.” Panda Mediacenter. 2 November 2016. Web.

So far it looks like over a million Google accounts have been infected with malicious software. The so-called attacking campaign is being called Gooligan and is actively infecting 13,000 new devices and accounts on a daily basis. The infection allows for information theft on things like Google Play, Gmail, Google Drive, and more.

The interesting part, however, is that the attackers are not after personal information, and instead looking to force Google users to download apps that are a part of an advertising scheme that generates over $300,000 a month. Google themselves has stated that the culprits are not after information, but to simply promote various applications.

The apps being used come from outside sources not involved with Google Play, but the few that have made their way into Google’s store has since been deleted.

-AY

Source: Solsman, Joan & Nieva, Richard. “Google accounts hit with malware — a million and growing.” Web Blog Post. 30 November 2016. Web.